Add LimitRequestBody configuration for Horizon

Since CVE-2022-29404 is fixed [1,2] the default value for the LimitRequestBody directive in the Apache HTTP Server has been changed from 0 (unlimited) to 1 GiB. This limits the size of images (for example) uploaded in Horizon. This change add the ability to configure the limit. 1. https://access.redhat.com/articles/6975397 2. https://ubuntu.com/security/CVE-2022-29404 Closes-Bug: #2012588 Change-Id: I4cd9dd088cbcf38ff6f8d188ebcc56be7d9ea1c9 Signed-off-by: Maksim Malchuk <maksim.malchuk@gmail.com>

Add LimitRequestBody configuration for Horizon
d907790f · Maksim Malchuk · 2845861e · d907790f · d907790f
Commit d907790f authored 2 years ago by Maksim Malchuk
--- a/ansible/roles/horizon/templates/horizon.conf.j2
+++ b/ansible/roles/horizon/templates/horizon.conf.j2
@@ -40,6 +40,9 @@ TraceEnable off
    SSLCertificateFile /etc/horizon/certs/horizon-cert.pem
    SSLCertificateKeyFile /etc/horizon/certs/horizon-key.pem
 {% endif %}
+{% if horizon_httpd_limitrequestbody is defined %}
+    LimitRequestBody {{ horizon_httpd_limitrequestbody }}
+{% endif %}
 </VirtualHost>
 <IfModule mod_deflate.c>

--- a/releasenotes/notes/add-horizon-limitrequestbody-4f79433fa2cf1f6d.yaml
+++ b/releasenotes/notes/add-horizon-limitrequestbody-4f79433fa2cf1f6d.yaml
+---
+features:
+  - |
+    Since CVE-2022-29404 is fixed the default value for the LimitRequestBody
+    directive in the Apache HTTP Server has been changed from 0 (unlimited) to
+    1073741824 (1 GiB). This limits the size of images (for example) uploaded
+    in Horizon. Now this limit can be configured via
+    ``horizon_httpd_limitrequestbody``.
+    `LP#2012588 <https://bugs.launchpad.net/kolla-ansible/+bug/2012588>`__